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Vulnerability Management Lifecycle 


Vulnerability 
_— Management 


Asset 
Inventory 


Do you know the type and 


Do you know what all your assets ih 
ý E amount of open vulnerabilities? 


are and where they are? 


Threat Risk and 
Prioritization 


Patch 
Management 


Can you prioritize remediation 
How can you deploy patches to based on threat intelligence? 
close high-impact vulnerabilities? 
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WannaCry Timeline and Remediation 


Flat 
Remediation 


EternalBlue 
Exploit 


THOUSANDS 


Authenticated Scan / Agent Detection 


New Remote Detection 


Introducing [e) Qualys. 


ity Management, Detection and Response 


One solution to Discover, Assess, Prioritize and Patch critical vulnerabilities 
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Asset Discovery 
Detect known and unknown assets 


Workflow to add an unmanaged 
asset as a managed asset 


Reaves, 


Asset Inventory 
Hardware, operating system, and 


application inventory for all assets 
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Asset Normalization and 
Categorization 
Normalize Inventory data by 


common attributes 
Categorize by vendor, version, type 


Vulnerability Management 
Detect vulnerabilities by QID 
CVE-to-QID mapping 
CVSSv2 and CVSSv3 base scores 


Security Configuration 
Assessment 


CIS Benchmarks 


Security-related 
misconfigurations 
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Prioritization 


Using real-time threat 
intelligence 


Real-world exploits " 
Proof of Concepts 
Exploit categorization 
Exploit severity 


Repe- 


Machine Learning 


Contextual Awareness 
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Remediation 


Automatically correlate 
vulnerabilities to patches 


End-to-end User Interface 
workflows 


Fit-for-purpose visualizations 
and recommendations 


Orchestration for remediation 
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ASSETS 


Tags 
| Finance Í Marketing 


| Operations 


VULNERABILITIES 


1343 


Total 
Vulnerabilities 


VMDR 


Hosts 


[ Human Resources Engineering 3l Q 


CVSS Score CSS”... 
High Med Low 
(310) (320) (713) 


Service Level DL EE 


Agreement Pre-SLA 0-15+ Days 16-30 Days 31-60 Days 61-90 Days 90+ Days 
(260) (122) (108) (412) (211) (230) 


Qualys Threat Prioritization 


LP CE a ee en ERA. med A Amat... Asal £P LIL Mase o; l-- 


Prioritization Engine - 
Machine Learning 


Multi-Layer neural network 
Dataset of 120,000+ vulnerabilities 
132 vulnerability features 
Live exploits / POCs 
Historical threat patterns 
Historical vulnerable software/vendor 
Dark web and social media references 
Qualys security researchers 
Learns new patterns and intelligence daily 


Qualys Insights 


| ML Model 


120K + 
Vulnerabilitie 
S 


Exploits/Threa 
t Feeds 


Dark Web & 
Social Media 


Contextual Awareness 


Your Network is Unique to You 


External facing assets 

Network reachability / cloud security groups 
Zero-Trust Networking / BeyondCorp 
Business / customer applications 

Data sensitivity and Data Access Governance 
Asset system configuration 

Security control validation 


= 


Correlation 


Qualys Asset Vuln 


Priority Score 


Security 
Controls 


Exposure 


VMDR Comes with Much More 


Unlimited Cloud Agents Asset Categorization 
Unlimited Container Sensors Asset Normalization 
Unlimited Passive Sensors Configuration Assessment 
Certificate Inventory CIS Benchmarks 

Cloud Inventory Continuous Monitoring 
Container Inventory Patch Detection and CVE 
Mobile Device Inventory Correlation 
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VMDR 


Concept Demo 
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